CVE-2018-13389

CWE-20Improper Input Validation3 documents3 sources
Severity
4.7MEDIUM
EPSS
0.2%
top 63.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Confluence
Timeline
PublishedJul 10
Latest updateMay 14

Description

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5atlassian/confluenceunspecified6.6.1

Patches

Patch: jira.atlassian.comPatch: jira.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-frc2-fc33-2pfw: The attachment resource in Atlassian Confluence before version 62022-05-14
CVEList
CVE-2018-13389: The attachment resource in Atlassian Confluence before version 62018-07-10
CVE-2018-13389 (MEDIUM CVSS 4.7) | The attachment resource in Atlassia | cvebase.io